> (ruba): true, when talking about scanning inside the IS, but you can scan > the message before it enters the IS and be in exchange message format, > MTA message scanning for example.(Each mail on entering the Internet Mail > Service is placed in the IN subdirectory. This is where antigen scans the > inbound queue for infected attachment. At this stage the IMS attempts to > deliver the message to the Microsoft Exchange Server computer for the > final delivery by the MTA (Message Transfer Agent) or the information > store to the recipients. If at this stage the recipient is not in the > particular site directory the message is sent to the out - subdirectory > and sent to the next IMS. At this point the message leaves the environment > unscanned by VSAPI (GFI)). > Also In-memory scanning done by Antigen minimizes impact on the Exchange > server for optimum protection and efficiency, which can't be done with > GFI. Any AV which relies upon scanning at the exact precise moment that a message is placed in the In directory without programmatically being called to scan that message is problematic and unreliable. That is playing a game to see who can get there first, the AV software or the SMTP engine to deliver. > (ruba): being proactive is not the way to go about it, being preemptive > is. I mentioned the notifications because I was listing what would be good > to have in GFI not because administrators should rely on the > notifications. Not being proactive about security will let stuff through. John T eServices For You